Job Description

ECS is seeking a Defensive Cyber Engineer - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA This position supports Task 3 — Cybersecurity Operations Support — by implementing and maintaining defensive cybersecurity tools and technical controls across enterprise systems and enclaves, applying hardening measures, validating remediation actions, assisting with event investigation, and documenting corrective actions that support continuous monitoring and RMF objectives. The role contributes directly to ENOCS delivery of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) and works in coordination with cybersecurity operations, compliance, vulnerability management, SOC, and RMF personnel across the broader Task 3 team.

Please Note: This position is contingent upon contract award.

This role supports ARNG mission operations across classified and unclassified environments serving more than 120,000 users and approximately 141,000 endpoints at about 2,800 sites in 54 states and territories. The Defensive Cyber Engineer - Junior helps protect the DoDIN-Army-NG area of responsibility in support of Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The position operates within the ENOCS cybersecurity environment that includes USIEM analytics, EDR, IDS/IPS, eMASS, ACAS, STIG Manager, and coordination with the NETCOM Global Cyber Center and DISA DCDC to sustain secure, compliant, and resilient enterprise operations.

Responsibilities

• Implement and maintain defensive cybersecurity tools and technical controls across ARNG enterprise systems, enclaves, and supported network environments under Task 3 Cybersecurity Operations Support.
• Apply STIG configurations, security patches, and hardening measures to help maintain secure baseline configurations and support continuous compliance validation.
• Perform vulnerability analysis, verify remediation effectiveness, and document findings to support enterprise vulnerability management and secure baseline configuration activities.
• Review logs and security event data under senior direction to support monitoring, analysis, and investigation of suspicious or anomalous activity.
• Assist incident response personnel with containment activities and technical follow-through during cybersecurity events, then document corrective actions and remediation status.
• Support RMF and continuous monitoring activities by helping maintain technical evidence, updating artifacts, and contributing information required for eMASS records and POA&M tracking.
• Coordinate with SOC and cybersecurity operations personnel to support detection and response workflows, including escalation of issues identified through monitoring and analysis processes.
• Contribute to security operations that leverage ARNG’s operational toolsets and data sources, including USIEM, EDR, IDS/IPS, ACAS, and STIG Manager, to improve visibility and defensive posture.
• Support cybersecurity activities conducted in coordination with the NETCOM Global Cyber Center and DISA DCDC across classified and unclassified ARNG network environments.
• Help sustain technical security controls that protect ARNG mission operations supporting Title 10 and Title 32 requirements, classified SIPRNet operations, mobilization readiness, and domestic emergency response.

Qualifications

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist — Basic proficiency; must hold ONE OR MORE of the following: CC, A+, CND, GCLD, GDSA, GFACT, Network+

Experience: 3+ years of experience in cybersecurity

• Experience applying STIG settings, security patches, and system hardening measures to enterprise IT assets.
• Experience conducting vulnerability analysis and verifying remediation actions in support of continuous monitoring objectives.
• Experience supporting log review, event analysis, or security investigation activities in an enterprise environment.
• Experience documenting technical findings, corrective actions, and remediation status for compliance or RMF-related purposes.
• Experience assisting with incident response containment activities under established procedures and senior guidance.
• Experience working across classified and unclassified environments or supporting security controls for multiple enclaves.
• Familiarity with enterprise cybersecurity platforms and processes referenced in the ENOCS environment, such as eMASS, ACAS, STIG Manager, USIEM, EDR, or IDS/IPS.